This invention relates generally to enhancing the security of user data stored in computer systems, and more particularly, to an individual data unit and systems including individual data units such that the security of user data stored in such systems is enhanced.
Different types of entities collect information regarding their customers as part of conducting business or interacting with the public. Such entities may include retailers, governmental agencies, medical providers, identity management system (IDMS) owners and operators, and secure email service providers. Each different entity typically stores its collected user data on a central user data server configured to communicate over networks like the Internet. For example, retailers have been known to store credit card information and order histories for customers. Governmental agencies have been known to store the social security numbers and birth dates of citizens. Medical providers routinely store sensitive health records of individuals. IDMS operators typically store passwords, biometric data, security questions and answers, and other personal information of people who authenticate themselves using the IDMS. Additionally, email systems, including those that are designed to be extra secure against cyber-attack, typically store sensitive emails associated with users in a central user data server.
Some entities have been known to store information regarding many millions of different users. Such large amounts of user data, coupled with Internet access to the central user data servers, have been known to create a target highly valued by cyber-criminals due to the amount of data that may be stolen in a single successful cyber-attack.
The high value of centralized targets has been known to attract well-financed players, including state actors and organized criminal enterprises. The high value of the data, all stored in one place, means that cyber-criminals can afford to mount a well-resourced attack to steal the data, including, in some cases, brute-force decryption attacks should the data be stored in an encrypted form.
Cyber-criminals have been known to use stolen customer data for their economic gain. For example, cyber-criminals have been known to use a victim's data to fraudulently open new credit card accounts and to charge purchases to the new accounts. Although the victims likely do not know about the fraudulently opened new accounts or the purchases, many times the victims are liable for purchases made by the cyber-criminals. Even in situations where individual users are not financially liable for such criminal acts, the financial burden of such thefts is spread across all of society and everyone ultimately suffers some financial impact. Cyber-criminals have also been known to take over investment accounts and withdraw the funds from those accounts, leaving the victims with little money for retirement or to pay college tuition for children. Additionally, cyber-criminals have been known to use a victim's data to set up new fraudulent social networking sites in which they pretend to be the victim. In addition to financially damaging victims, cyber-attacks have been known to take an emotional toll on victims, cause physical symptoms like inability to concentrate, and create social stress. People whose data is stolen are victims of a successful cyber-attack.
To improve security against cyber-attacks, entities have been known to encrypt the data. The limiting factor for this technique is the fact that the central user data server must have access to the decryption key or keys, which means that any successful cyber-attack on the central user data server may also provide a cyber-criminal with access to the decryption key or keys. Another technique to improve security is to limit direct access to the central user data server via firewalls or other methods. Unfortunately, cyber-criminals have demonstrated the ability to bypass such limitations, either by exploiting security flaws in the firewall devices or by obtaining administrative passwords via sophisticated phishing attacks.
Additional security measures known to have been taken by some entities include encrypting and protecting the decryption key or keys with a password. While this undoubtedly makes it more difficult for a cyber-criminal, the same limitation applies: the key to decrypt the decryption key for the user data still has to be accessible to the central user data server, and is thus vulnerable when a cyber-criminal successfully compromises the central user data server.
Another security measure that has been suggested is to distribute the user data across multiple servers. This is typically done in a manner similar to the way RAID storage units “stripe” data across multiple disks. That is, each user's data may be spread across multiple distributed storage locations, all of which need to be accessed and the data combined in order to read that data. Current descriptions of this approach suffer from the same limiting factor as the many schemes for encrypting the user data: the central data server must know where the data has been distributed in order to access it, and this knowledge becomes accessible to a cyber-criminal when the central server is compromised. Forcing a cyber-criminal to serially trace down multiple pieces of information in order to compromise the user data is only an incremental increase in security. It is not orders of magnitude more difficult to access the user data once the central data server has been compromised, and the large quantity of valuable data that will be exposed by defeating a handful of additional incremental security measures still makes the target very worthwhile for such cyber-criminals.
Known security measures are typically designed to enhance the difficulty of breaking into central user data servers. Regularly occurring successful cyber-attacks are evidence that known security measures are not effective enough at protecting high-value targets containing large volumes of sensitive data stored in a central user data server. That is, the cost to a cyber-criminal is still less than the value of the data obtained in a successful attack. As a result, such known measures do not sufficiently reduce the incentives that make it worthwhile for cyber-criminals to try to steal large volumes of sensitive data stored in a central user data server.